sea-tug meeting jan 2014
TRANSCRIPT
1/28/2014
The Explosion of Cybercrime - The 5 Ways IT May Be an Accomplice
Mark Villinski, Kaspersky Lab, @markvillinski
Never ending….
2013 Corporate Threats Survey
• 91% of businesses suffered one cyber attack in the last 12 months
• 9% of businesses were victims of a targeted attack
• Malicious programs could soon replace company insiders as the way of gathering information
https://www.securelist.com/en/analysis/204792317/Kaspersky_Security_Bulletin_2013_Corporate_threats
Top 5 Cybercriminal Motives for 2013 Attacks
http://www.crn.com/slide-shows/security/240164580/top-5-cybercriminal-motives-in-2013-attacks.htm
• Financial losses
• Damaging company reputation
• Stealing money
• Wiping Data, Blocking Infrastructure
• Stealing Information
Kaspersky Lab: Evolution of malware waves we have to deal with
1994
One new virus every hour
2006
One new virus every minute
2011
One new virus every second
Or 70,000 samples/day
What about 2014?
What about 2012?
Kaspersky Lab is currently processing 300,000 unique malware samples EVERY DAY
THREATS: SMARTER, FASTER, MORE
Data is on the Move
Device Proliferation
Data Storage Capability
Loss of Confidential Data
Untrusted Networks
“BIG data equals BIG security challenges.” Forrester
More Data, More Problems
Evolution Of Our Networks
Online Account Takeover
Corporate accounts are targeted because of their large balances and because the ACH credits they generate have expedited funds availability. Corporate accounts do not receive the same legal protections that Regulation E provides to consumer accounts.
Threat Landscape - Malware
APT
New vulnerabilities to exploit
New breeds of malware to deploy and execute
Continual bombardment of the target
End users highly susceptible
RSA: TARGETED ATTACK CASE STUDY
▶ On March 17th 2011, RSA announced that it was hacked
▶ During the 2011 Kaspersky Security Analyst Summit, Uri Rivner from RSA explained how it happened:
▶ Two employees received an e-mail which contained a spreadsheet attachment labeled “2011 Recruitment Plan”.
▶ The e-mail had been marked as spam and put into the spam folder
▶ One of the employees opened it… and triggered an exploit for a zero-day Adobe Flash vulnerability.
RSA E-mail & Attachment
http://www.f-secure.com/weblog/archives/00002226.html
The Blueprint
How does this happen?
Net Traveler – 350 Victims in 40 Countries
ORIGINAL CORPORATE SECURITY PERIMETER
TODAY’S SECURITY PERIMETER
VULNERABILITIES – WHO IS AT RISK?
▶ In the first half of 2013, over 30,900,000 vulnerable programs and files were detected on user computers running Kaspersky Security Network (KSN)
▶ An average of 8 vulnerabilities were detected on each user’s computer
▶ 45% of vulnerabilities detected by users were Oracle & Java
▶ Oracle Java, Adobe Reader, Office and Adobe Flash are the programs most exploited by cybercriminals in attacks
Source: Kaspersky Lab 2013 Vulnerabilities Report
In short, many more users are vulnerable than conventional thinking suggests
Vulnerable Apps Exploited by “The Bad Guys”
EXPLOITING VULNERABILITIES
▶ Vulnerabilities can enable attackers to do several things, including accessing systems and bypassing security.
▶ Several exploits can be developed per vulnerability, and they are highly valued commodities in the cybercriminal underground
2013 Key Statistics
• Neutralized 5,188,740,554 cyber attacks on users' computers and mobile devices
• Neutralized 1,700,870,654 attacks from online resources
• Detected 3,000,000,000 attacks on users' computers.
• 45% of neutralized web attacks were from web resources located in US and Russia
KASPERSKY LAB ANALYSIS REPORT
▶ In 2012-2013, 37.3 million users around the world were subjected to phishing attacks, up 87% from 2011-2012
▶ The number of distinct sources of attacks in 2012 and 2013 increased 3.3 times (+330%)
SOURCE: THE EVOLUTION OF PHISHING ATTACKS 2011-2013, KASPERSKY LAB ANALYSIS REPORT
▶ 102,100 Internet users around the world were subjected to phishing attacks daily!
Sources of Spam by Country
Source: Kaspersky Lab, November 2013
THE EVOLVING SHAPE OF THE WORKPLACE
THE HUGE RISE OF MOBILE MALWARE
[Chart: Mobile Malware Unique Samples, 2010 to 2013]
• Unique mobile malware samples collected 2004-2010: 1,160
• 2011 saw a sharp rise: 6,193
• 2012 saw another sharp rise: 40,000
• Up to December 2013: 148,778
Source: Kaspersky Lab, December 2013
2013 Mobile Malware Breakdown
• All mechanisms used to target PCs are moving to mobile
• Main target is to steal money; secondary target is to steal personal data
• The majority of mobile malware are botnets with a rich feature set
• Online banking is the clear target
https://www.securelist.com/en/analysis/204792318/Kaspersky_Security_Bulletin_2013_Overall_statistics_for_2013
Mobile Malware by Mobile OS
https://www.securelist.com/en/analysis/204792318/Kaspersky_Security_Bulletin_2013_Overall_statistics_for_2013
2013 Observations
• Android: 99.92% of all attacks
• Emergence of mobile botnets
• First 3rd-party botnets, i.e. mobile devices infected with other malicious programs used to distribute mobile malware. (Qbad)
• New programs steal money from online bank accounts and phone accounts
• Major Android vulnerabilities
• Using GCM to control botnets
• APT attacks
• Attacks on PCs through the Android platform
https://www.securelist.com/en/analysis/204792318/Kaspersky_Security_Bulletin_2013_Overall_statistics_for_2013
I saw this just before a flight…
Large Android Botnet
The stories just keep coming……….
In the last few months
“BYOD”
The Effects of Consumerization
• Dual use of computers for personal and business purposes
• Trojan infections
• Puts VPN credential at risk
• Increased risk of data loss (theft)
Which of the following security technologies and policies, if any, would alleviate your concerns? [Concerned about employee-provisioned devices]
Base = 1508 Security Decision-Makers
Source: Forrsights Security Survey, Q2 2012
53% 41% 47% 60% 65% 62% 66% 71%
46% 55% 65% 71% 66% 70% 73% 84%
47% 57% 66% 72% 73% 73% 80% 83%
Transparency and auditing of what data consumer …
Application control
Selective wipe
Network security features like encrypted email …
Password entry for device access
Anti-malware protection for the device
Encryption capabilities for data on the device
Remote lock and remote wipe in case the device is lost …
VSB (2-19 employees) | SMB (20-999 employees) | Enterprise (1,000 or more employees)
Remote lock/wipe and data encryption are the top 2 “must-haves” to alleviate concerns with BYOD at companies of all sizes
The DropZone – This is Real
Cyber Scam Predictions 2014
• TVs watching you
• More Ransomware
• Destroying data rather than collecting it
• Loving the “Like”
• More Mobile Malware
• Targeting Software Developers
http://blog.aarp.org/2013/12/27/cyber-scam-predictions-for-2014/
Kaspersky Lab 2014 Forecast
• Mobile Threat Evolution
• Attacks on Bitcoin
• Problems protecting privacy
• Attacks on Cloud Storage Facilities
• Attacks on Software Developers
• Cyber-mercenaries
• Fragmentation of Internet
• The pyramid of cyber-threats
http://www.securelist.com/en/analysis/204792320/Kaspersky_SecurityBulletin_2013_Forecasts
5 Ways IT is Enabling Cybercrime
Be Ready for What’s Next
1) Migration Myopia
Believing that company data never finds its way to home systems
2) Social Media Mania
Adopting Social Media Without Protection
3) Attention Misdirection
Focusing on Protection vs. Detection and Response
Response, Detection, Prevention
• 95% of respondents listed the 12 items below
• 95% thought that Prevention was key
• IT Security spending follows the same mindset
Alarm, Motion detector, Monitoring, Crime watch
Doors, Locks, Windows, Fence
Dog, Gun, Police, Insurance
Source: “Data @ Risk” by David H. Stelzl
How They Break In:
34% 9%
23% 4%
22% 2%
4) Awareness Deficit
Failing To Foster A Culture Of Awareness
5) Reliance on Compliance
• “Compliance… just one step north of negligence.” Josh Corman, the 451 Group
Compliant Lifeboat Capacity: 1,060
Actual Lifeboat Capacity: 1,178
Passengers: 3,547
The impact on IT security
Malware
Mobile / BYOD
Your data is on the move!
The #1 target: applications!
YOUR DATA
Response: Anti-malware plus management tool / dashboard
Response: Systems / patch management
Response: Data encryption
Response: Mobile device management (MDM)
This is complexity
COMPLEXITY IS THE ENEMY OF IT SECURITY
What if?
Malware
Mobile / BYOD
Your data is on the move!
The #1 target: applications!
YOUR DATA
1 PLATFORM, MANAGEMENT CONSOLE, COST
Kaspersky Endpoint Security for Business
All managed through a single management console: Kaspersky Security Center
• Anti-malware: traditional & cloud-assisted
• Mobile security: MDM plus mobile security agent
• Data encryption: file / folder, full-disk
• Endpoint control tools: application, device and web control
• Systems Management including patch management